Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4035 | 1 Google | 1 Chrome | 2017-09-18 | 9.3 HIGH | N/A |
| Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. | |||||
| CVE-2010-4036 | 1 Google | 1 Chrome | 2017-09-18 | 6.8 MEDIUM | N/A |
| Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors. | |||||
| CVE-2010-4044 | 1 Opera | 1 Opera Browser | 2017-09-18 | 4.3 MEDIUM | N/A |
| Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which allows remote attackers to spoof URLs by changing a window's size. | |||||
| CVE-2010-4048 | 1 Opera | 1 Opera Browser | 2017-09-18 | 4.3 MEDIUM | N/A |
| Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file. | |||||
| CVE-2010-4049 | 1 Opera | 1 Opera Browser | 2017-09-18 | 4.3 MEDIUM | N/A |
| Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document. | |||||
| CVE-2010-4528 | 1 Pidgin | 2 Libpurple, Pidgin | 2017-09-18 | 4.0 MEDIUM | N/A |
| directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session. | |||||
| CVE-2011-0051 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-18 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges. | |||||
| CVE-2011-0067 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-18 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls. | |||||
| CVE-2011-0073 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-18 | 10.0 HIGH | N/A |
| Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." | |||||
| CVE-2011-0082 | 1 Mozilla | 1 Firefox | 2017-09-18 | 4.3 MEDIUM | N/A |
| The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted certificate that triggers potentially unwanted local caching of documents from that server. | |||||
| CVE-2009-4658 | 1 Omidrouhani | 1 Xerver | 2017-09-18 | 4.0 MEDIUM | N/A |
| Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657. | |||||
| CVE-2010-0051 | 1 Apple | 1 Safari | 2017-09-18 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. | |||||
| CVE-2009-4854 | 1 Scripts.oldguy | 1 Talkback | 2017-09-18 | 7.5 HIGH | N/A |
| addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter. | |||||
| CVE-2010-0045 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-09-18 | 9.3 HIGH | N/A |
| Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. | |||||
| CVE-2010-0097 | 1 Isc | 1 Bind | 2017-09-18 | 4.3 MEDIUM | N/A |
| ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. | |||||
| CVE-2010-0189 | 2 Adobe, Nos Microsystems | 2 Download Manager, Getplus Download Manager | 2017-09-18 | 9.3 HIGH | N/A |
| A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site. | |||||
| CVE-2010-0308 | 1 Squid-cache | 1 Squid | 2017-09-18 | 4.0 MEDIUM | N/A |
| lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. | |||||
| CVE-2010-0420 | 1 Pidgin | 1 Pidgin | 2017-09-18 | 4.3 MEDIUM | N/A |
| libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname. | |||||
| CVE-2010-1210 | 1 Mozilla | 2 Firefox, Thunderbird | 2017-09-18 | 4.3 MEDIUM | N/A |
| intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text. | |||||
| CVE-2010-1213 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-18 | 4.3 MEDIUM | N/A |
| The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document. | |||||